Download Latest Version
samtools-1.23.1.tar.bz2 (9.5 MB)
Get an email when there's a new version of SAM tools
| Name | Modified | Size | Downloads / Week |
|---|---|---|---|
| Parent folder | |||
| README.txt | 2026-03-18 | 3.5 kB | |
| bcftools-1.23.1.tar.bz2 | 2026-03-18 | 8.2 MB | |
| samtools-1.23.1.tar.bz2 | 2026-03-18 | 9.5 MB | |
| htslib-1.23.1.tar.bz2 | 2026-03-18 | 5.0 MB | |
| Totals: 4 Items | 22.6 MB | 104 | |
------------------------------------------------------------------------------
htslib - changes v1.23.1
------------------------------------------------------------------------------
Bug fixes
---------
* Fix a number of bugs in the CRAM decoder which could result in undefined
behaviour on invalid inputs (PR #1981, PR #1991):
- Not checking the amount of byte array len data returned matched the
amount expected. (CVE-2026-31971)
- Incorrect check for the length of byte array stop data. (CVE-2026-31969)
- Invalid use of the varint and const codecs. (CVE-2026-31968)
- Missing check for a valid reference ID. (CVE-2026-31965)
- Missing check for a valid mate reference ID. (CVE-2026-31967)
- Incomplete validation of CRAM feature locations. (CVE-2026-31965,
CVE-2026-31966)
- Bugs due to improper handling of records where no sequence or quality
values were stored (CVE-2026-31962, CVE-2026-31964)
* Reject GZI indexes with impossibly-large item counts. (CVE-2026-31970)
(PR #1978. Reported by Harrison Green)
* Prevent the wrong item count from being written to GZI indexes of empty
files. (PR #1988. Reported by Matthieu Muffato)
* Fix invalid behaviour if kmemmem(), kstrstr() or kstrnstr() were called
with a zero-length pattern, or if kstrstr() was given a very long input.
Also ensure they can never fail by supplying a fallback algorithm that does
not allocate any memory. (PR #1980. Reported by Harrison Green)
* Prevent redundant copies of hash keys in string pools. (PR #1982)
* Fix regressions in the S3 plugin which caused uploads to fail. (PR #1984)
* Disallow attempts to set the thread pool attached to an htsFile twice.
(PR #1985)
Build Changes
-------------
* The htscodecs submodule is updated to v1.6.6. (PR #1989)
------------------------------------------------------------------------------
samtools - changes v1.23.1
------------------------------------------------------------------------------
Bug fixes:
* This release bundles HTSlib 1.23.1, which includes many important bug
fixes. Please see htslib/NEWS for details.
* Fix incorrect variable expansion in seq_cache_populate.py
(PR #2291. Thanks to Ruben Vorderman)
* Don't try to write out empty strings in threaded consensus pileup mode.
(PR #2305)
* Wrap ctype.h functions to avoid array subscript warnings, and add casts
to prevent sign extension where arrays are indexed with char values.
(PR #2306)
* Make `samtools cram-size` exit cleanly instead of crashing if it reads an
invalid CRAM header. (PR #2313)
Build changes:
* Reordered options for grep commands in tests so the input file is at the
end. (PR #2311)
* Limit memory used by samtools sort in tests. (PR #2312)
------------------------------------------------------------------------------
bcftools - changes v1.23.1
------------------------------------------------------------------------------
Changes affecting the whole of bcftools, or multiple commands:
* This release bundles HTSlib 1.23.1, which includes many important bug
fixes. Please see htslib/NEWS for details.
* Fix silent output truncation due to missing checks for read errors in the
annotate, cnv, concat, convert, consensus, csq, filter, gtcheck, isec,
merge, norm, query and stats commands; and all plugins. They will now
print an error and return a non-zero exit code if an error is encountered
when reading input data. (PR #2503)
